
Double free in check_file_actlst() #242

Closed
RKX1209 opened this issue Dec 9, 2019 · 1 comment

Comments


RKX1209 commented Dec 9, 2019

When I run the sadf utility with the stat file, it leads to a double free bug in check_file_actlst().

$ ./sadf dfree_sysstat.in
skip_extra_struct: extra_size=0 types=0,16777216,128
=================================================================
==25128==ERROR: AddressSanitizer: attempting double-free on 0x60b000000250 in thread T0:
    #0 0x7f83c49ab7b8 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde7b8)
    #1 0x55cc66ccab45 in check_file_actlst ~/sysstat/sa_common.c:2198
    #2 0x55cc66c4e3aa in read_stats_from_file ~/sysstat/sadf.c:1453
    #3 0x55cc66c474f7 in main ~/sysstat/sadf.c:1883
    #4 0x7f83c44fdb96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
    #5 0x55cc66c48ad9 in _start (~/sysstat/sadf+0x27ad9)

0x60b000000250 is located 0 bytes inside of 100-byte region [0x60b000000250,0x60b0000002b4)
freed by thread T0 here:
    #0 0x7f83c49ab7b8 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde7b8)
    #1 0x55cc66cca6b1 in check_file_actlst ~/sysstat/sa_common.c:2155

previously allocated by thread T0 here:
    #0 0x7f83c49abf40 in realloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdef40)
    #1 0x55cc66cc9f05 in check_file_actlst ~/sysstat/sa_common.c:2030

SUMMARY: AddressSanitizer: double-free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde7b8) in __interceptor_free
==25128==ABORTING

If skip_extra_struct fails at this line, read_stats_from_file falls into the format_error: label and tries to free buffer here.
However, buffer has already been freed before, which causes the double free bug.

Thanks
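The failure path described in the report, as an added C illustration that is not sysstat's code: a callee frees the caller's buffer on a parse error, the caller's cleanup label frees it again, and the fix clears the pointer after freeing so the cleanup free becomes a no-op. The function names, the tracking wrapper and the buffer size are constructed for this demo; the wrapper records a repeated free instead of corrupting the heap, which is what AddressSanitizer reported on the real binary.

```c
#include <stdlib.h>
/* Constructed demo, not sysstat's code. The wrapper counts a repeated free
 * of the same block instead of letting the heap be corrupted. */
static int   double_free_events;
static void *last_freed;

static void tracked_free(void *p)
{
    if (p != NULL && p == last_freed) {   /* same block freed twice */
        double_free_events++;
        return;
    }
    last_freed = p;
    free(p);
}

/* Buggy pattern (hypothetical callee): frees the caller's buffer on a parse
 * failure but leaves the caller's pointer dangling. */
static int check_actlst_buggy(char **buf, int extra_ok)
{
    if (!extra_ok) { tracked_free(*buf); return -1; }
    return 0;
}

/* Fixed pattern: whoever frees also clears the pointer, so the caller's
 * cleanup free(NULL) is a harmless no-op. */
static int check_actlst_fixed(char **buf, int extra_ok)
{
    if (!extra_ok) { tracked_free(*buf); *buf = NULL; return -1; }
    return 0;
}

/* Caller shaped like the report's read_stats_from_file: on error it jumps
 * to a cleanup label that frees buf. Returns 0 on success, -1 on error. */
int read_stats_demo(int (*check)(char **, int), int extra_ok)
{
    double_free_events = 0; last_freed = NULL;
    char *buf = malloc(100);   /* 100-byte region, as in the ASan report */
    if (buf == NULL) return -1;
    if (check(&buf, extra_ok) < 0) goto format_error;
    tracked_free(buf);
    return 0;
format_error:
    tracked_free(buf);   /* second free when the callee already freed it */
    return -1;
}

/* Number of double frees observed during the last read_stats_demo() call. */
int double_free_count(void) { return double_free_events; }
```

With the buggy callee the error path reports one double free; with the fixed callee both the error and success paths report none.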

sysstat (Owner) commented Dec 9, 2019

Thanks a lot for this detailed bug report.
This is now fixed.

@sysstat sysstat closed this as completed in a5c8abd Dec 9, 2019
clrpackages pushed a commit to clearlinux-pkgs/sysstat that referenced this issue Dec 20, 2019